标题: 关于vnc不用输入最后一位的真相:只支持8位!! [打印本页] 作者: iking 时间: 2012-6-12 16:56 标题: 关于vnc不用输入最后一位的真相:只支持8位!! 最近在整服务器。用的是rhel5.1版,使用自带vnc进行远程管理,无意间试了下。只支持8位密码。。即使你配置时密码输得再长,前8位正确就直接可以登录了。这样安全隐患也太大了。想咨询下。有高手可以解决此问题?windows下VNC服务器自行安装。。支持128位加密。可linux,8位貌似少了点吧。。。作者: iking 时间: 2012-6-12 16:57
可以考虑用ssh tunnel
1. 根据manpage of vncpasswd,密码最长为8。
vncpasswd allows you to set the password used to access VNC desktops. It stores an obfuscated version of the password in the given file (default $HOME/.vnc/passwd).
The password must be at least six characters long, and only the first eight characters are significant. Note that the stored password is not encrypted securely - anyone who has access to this file can trivially find out the plaintext password, so vncpasswd always sets appropriate permissions (read and write only by the owner). However, when accessing a VNC desktop a challenge-response mechanism is used over the wire making it hard for anyone to crack the password simply by snooping on the network.